Add auth to Git.#Repository

Signed-off-by: Guillaume de Rouville <guillaume.derouville@gmail.com>
2021-08-26 16:12:14 +02:00 · 2021-08-26 16:12:14 +02:00 · 08f395b70d
commit 08f395b70d
parent 3b0e3f6919
9 changed files with 55 additions and 43 deletions
--- a/docs/reference/universe/git.md
+++ b/docs/reference/universe/git.md
@ -37,6 +37,8 @@ A git repository
 |*remote*          | `string`             |Git remote. Example: `"https://github.com/dagger/dagger"`    |
 |*ref*             | `string`             |Git ref: can be a commit, tag or branch. Example: "main"     |
 |*subdir*          | `*null \| string`    |(optional) Subdirectory                                      |
+|*authToken*       | `dagger.#Secret`     |(optional) Add Personal Access Token                         |
+|*authHeader*      | `dagger.#Secret`     |(optional) Add OAuth Token                                   |

 ### git.#Repository Outputs

--- a/environment/pipeline.go
+++ b/environment/pipeline.go
@ -816,15 +816,15 @@ func (p *Pipeline) FetchGit(ctx context.Context, op *compiler.Value, st llb.Stat
 		gitOpts = append(gitOpts, llb.KeepGitDir())
 	}
 	// Secret
-	if authTokenSecret := op.Lookup("authTokenSecret"); authTokenSecret.Exists() {
-		id, err := getSecretID(authTokenSecret)
+	if authToken := op.Lookup("authToken"); authToken.Exists() {
+		id, err := getSecretID(authToken)
 		if err != nil {
 			return st, err
 		}
 		gitOpts = append(gitOpts, llb.AuthTokenSecret(id))
 	}
-	if authHeaderSecret := op.Lookup("authHeaderSecret"); authHeaderSecret.Exists() {
-		id, err := getSecretID(authHeaderSecret)
+	if authHeader := op.Lookup("authHeader"); authHeader.Exists() {
+		id, err := getSecretID(authHeader)
 		if err != nil {
 			return st, err
 		}
--- a/stdlib/.dagger/env/git/values.yaml
+++ b/stdlib/.dagger/env/git/values.yaml
@ -1,6 +1,9 @@
 plan:
    package: ./git/tests
 name: git
+inputs:
+    TestPAT:
+        secret: ENC[AES256_GCM,data:7s1tSIpIDNBhAFupdjb7KtPbjKrCd5tXupr3RQF2N3Xu5XGuTZMgoQ==,iv:I+SVYLnjgMffvNg6BMB6m1lj+VVH5sDK0aIEAWPcyLY=,tag:TcfJ6LVps8dXVZGZy3T2ew==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -16,8 +19,8 @@ sops:
            TmhJNisyamw3d244aGVJSEVFVUVLZGsKvd+nowA0CLXQbdvyI4J0lBjs9vdISWlo
            gGvR49uul3Z8raVWXFUzsyQ8xTvYNg0ovynFG2KdagSKr1DlhKMBEQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-07-08T09:54:31Z"
-    mac: ENC[AES256_GCM,data:pFrhyJQLJ1zQJmXQWQtmkeraiTHCKvOEr+TVgYQ6EZsei+dL+VUVWDgeHLkonxwh9eBPyAtB1cfxPc+1xVnMCqmFPVZMZ0P+CNgaOTcHk38UzOHyCcjw18AjROuEYffat8XbmjwKaSX+XRvMiC53BTrZkXt6os7hfikrySEot3A=,iv:W9S+qlvAB3gXFhUTpE17Fm/lQK6DTo7mmdzL3LjCVWQ=,tag:/fETJit+AXZ/OjIjz0TPhA==,type:str]
+    lastmodified: "2021-08-26T13:44:11Z"
+    mac: ENC[AES256_GCM,data:ttmpbzhrVFEGh/oJF4TtMvf99rutPBbzp9cIaqakIl+5nxqOkuAakgvf7IIMBG235zdyMvIXZZh6NLYG51PZA1hKNMg5Pqqba9GOSvFCHasWzNJ3pi5SLBGD02ivDfkSMbEHeOCUhnG1X4LxkYL9j+fb4tQt1Btv1hiIAcIa+eY=,iv:WxuW+0yJYtNqAB0y1nji9c3lzn4Pftir8uZojcdphng=,tag:yvcIJxkuqOmCfXoyEnGWow==,type:str]
    pgp: []
    encrypted_suffix: secret
    version: 3.7.1
--- a/stdlib/.dagger/env/op-fetch-git/.gitignore
+++ b/stdlib/.dagger/env/op-fetch-git/.gitignore
@ -1,2 +0,0 @@
-# dagger state
-state/**
--- a/stdlib/.dagger/env/op-fetch-git/values.yaml
+++ b/stdlib/.dagger/env/op-fetch-git/values.yaml
@ -1,26 +0,0 @@
-plan:
-    package: ./dagger/op/tests/fetch-git
-name: op-fetch-git
-inputs:
-    TestPAT:
-        secret: ENC[AES256_GCM,data:4rBqMc8jbs0mIl2tqxZZu6xhKWq1zb4Zmdd4eobZxmT5xkeVJM94KA==,iv:xj6wu5amzCACh8vvBbtqYK8MLsFvoFIYe2wsDLhbzhc=,tag:ZCInVlyCr41MfV9W9SK5iw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjYUh0WC8yTEtaK2VlZEU4
-            c1pCTUNFWWt3WE5GSzZPU1VuWnVQWHMyWTF3CnVRN0ovd2tWUlU0Q1BneEEyQm9s
-            Rm9TNGVVK3g5aVJUOGNYRzdxbERnNUUKLS0tIDRvTlU2eUozZy9jYzFqOHB6SzNE
-            NnhoNTZYQVJBV1FKUHI1aWJZTnc0bEkKBNxuA26mtiAznfuGbLcqeIxvgg9kLjBl
-            ZofKLWu33k7aUQJADAEKoFD7B0B502LtQRMLk94ObzdhdLxl1F3JNA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-08-25T15:03:39Z"
-    mac: ENC[AES256_GCM,data:IwMHAYejWYenT9KCSSBQhQcRMS+6EJBwDlmP1iWBNs41sbFMSvLabRsh1QHfgN8IYMc02XSii3PM8nDW44CG3s2PYaejEbS0/Q4OnqDFWjW3oyaDxS5/4OvJALV5JWSyQYAItepI1B/M6vL8nXS8lUxxuythX5jyEq9LTGfB608=,iv:8ecze6Fz8BSnENS6cXTpZ6s5zAQMsnb3yqvCjDvwhMc=,tag:iHi/g9K8GX9hrJGN2oq7Jg==,type:str]
-    pgp: []
-    encrypted_suffix: secret
-    version: 3.7.1
--- a/stdlib/dagger/op/op.cue
+++ b/stdlib/dagger/op/op.cue
@ -87,8 +87,8 @@ package op
 	ref:         string
 	keepGitDir?: bool
 	// FIXME: the two options are currently ignored until we support buildkit secrets
-	authTokenSecret?:  _ @dagger(secret)
-	authHeaderSecret?: _ @dagger(secret)
+	authToken?:  _ @dagger(secret)
+	authHeader?: _ @dagger(secret)
 }

 #FetchHTTP: {
--- a/stdlib/git/git.cue
+++ b/stdlib/git/git.cue
@ -11,18 +11,24 @@ import (
 #Repository: {
 	// Git remote.
 	// Example: `"https://github.com/dagger/dagger"`
-	remote: string & dagger.#Input
+	remote: dagger.#Input & {string}

 	// Git ref: can be a commit, tag or branch.
 	// Example: "main"
-	ref: string & dagger.#Input
+	ref: dagger.#Input & {string}

 	// (optional) Subdirectory
-	subdir: *null | string & dagger.#Input
+	subdir: dagger.#Input & {*null | string}

 	// (optional) Keep .git directory
 	keepGitDir: *false | bool

+	// (optional) Add Personal Access Token
+	authToken: dagger.#Input & {*null | dagger.#Secret}
+
+	// (optional) Add OAuth Token
+	authHeader: dagger.#Input & {*null | dagger.#Secret}
+
 	#up: [
 		op.#FetchGit & {
 			"remote": remote
@ -30,6 +36,12 @@ import (
 			if (keepGitDir) {
 				keepGitDir: true
 			}
+			if (authToken != null) {
+				"authToken": authToken
+			}
+			if (authHeader != null) {
+				"authHeader": authHeader
+			}
 		},
 		if subdir != null {
 			op.#Subdir & {
--- a/stdlib/git/tests/git.cue
+++ b/stdlib/git/tests/git.cue
@ -3,8 +3,9 @@ package git
 import (
 	"strings"

-	"alpha.dagger.io/git"
 	"alpha.dagger.io/alpine"
+	"alpha.dagger.io/dagger"
+	"alpha.dagger.io/git"
 	"alpha.dagger.io/os"
 )

@ -74,3 +75,25 @@ TestCurrentTags: os.#Container & {
 		[ $TAGS = "0=master" ]
 		"""
 }
+
+// Test fetching a private repo
+TestPAT: dagger.#Input & {dagger.#Secret}
+
+privateRepo: git.#Repository & {
+	remote:     "https://github.com/dagger/dagger.git"
+	ref:        "main"
+	keepGitDir: true
+	authToken:  TestPAT
+}
+
+TestPrivateRepository: os.#Container & {
+	image: alpine.#Image & {
+		package: bash: "=5.1.0-r0"
+		package: git:  true
+	}
+	mount: "/repo1": from: privateRepo
+	dir: "/repo1"
+	command: """
+		[ -d .git ]
+		"""
+}
--- a/tests/ops/fetch-git/private-repo/fetch-git.cue
+++ b/tests/ops/fetch-git/private-repo/fetch-git.cue
@ -12,7 +12,7 @@ TestPAT: dagger.#Input & {dagger.#Secret}
 TestRepo: #up: [op.#FetchGit & {
 	remote:    "https://github.com/dagger/dagger.git"
 	ref:       "main"
-	authTokenSecret: TestPAT
+	authToken: TestPAT
 }]

 TestContent: os.#Container & {